Return-Path: 
 <cloudstack-dev-return-18334-apmail-incubator-cloudstack-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-cloudstack-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 549FEEAF2
	for <apmail-incubator-cloudstack-dev-archive@minotaur.apache.org>;
 Mon, 21 Jan 2013 19:38:51 +0000 (UTC)
Received: (qmail 52812 invoked by uid 500); 21 Jan 2013 19:38:51 -0000
Delivered-To: apmail-incubator-cloudstack-dev-archive@incubator.apache.org
Received: (qmail 52754 invoked by uid 500); 21 Jan 2013 19:38:50 -0000
Mailing-List: contact cloudstack-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:cloudstack-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:cloudstack-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:cloudstack-dev@incubator.apache.org>
List-Id: <cloudstack-dev.incubator.apache.org>
Reply-To: cloudstack-dev@incubator.apache.org
Delivered-To: mailing list cloudstack-dev@incubator.apache.org
Received: (qmail 52746 invoked by uid 99); 21 Jan 2013 19:38:50 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Jan 2013 19:38:50 +0000
X-ASF-Spam-Status: No, hits=-0.0 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [209.85.214.175] (HELO mail-ob0-f175.google.com)
 (209.85.214.175)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 21 Jan 2013 19:38:46 +0000
Received: by mail-ob0-f175.google.com with SMTP id tb18so1657351obb.34
        for <cloudstack-dev@incubator.apache.org>;
 Mon, 21 Jan 2013 11:38:25 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=x-received:mime-version:in-reply-to:references:from:date:message-id
         :subject:to:content-type:content-transfer-encoding
         :x-gm-message-state;
        bh=Sf2jddQIdRI6sb5UhGtEy8ri2KJq1bgegq8xHQSJxZg=;
        b=isa7Qfr8X/aIIgG/lUoYkJ1S5An/9r4Ob8L5Zxx4Pc2ZO51Djph8450WjekQzSiw4w
         9Anr+JRgb5RLI2sBRAkrHmM3gUfDskyzHGoPGUNnYB5wnlBcwdkYMmylHFnMzagSKI/U
         tWjDveV9NOZoplVm+1hZyBn90/TP1ZTRTA1JUCoBfB/lQJMPnjMeLMB0c718uKuzsYQM
         4ljgajbWk/a+Rln9BzOwULHb4v0O9Tqphdx8Xv0ay0d5q2Kyp2N0qC1HQiq6XEPL71W1
         bvXtomix2g9DJadMLezHR6O2H6MV5rxkLG9uBqP1LYHztXiWYCj3zvZTZqitqBaT1eVN
         vXKg==
X-Received: by 10.60.1.8 with SMTP id 8mr14531366oei.42.1358797105036; Mon, 21
 Jan 2013 11:38:25 -0800 (PST)
MIME-Version: 1.0
Received: by 10.76.173.105 with HTTP; Mon, 21 Jan 2013 11:38:04 -0800 (PST)
In-Reply-To: 
 <35F04D4C394874409D9BE4BF45AC5EA9010B286BF024@BANPMAILBOX01.citrite.net>
References: 
 <02C38648D4635F4EB02DE11EE81CF1EE0120ABB5635E@BANPMAILBOX01.citrite.net>
 <CA+96GG6z-ZREoca=-jYXSb+uaiTgrfyGna7_P-7vnwZs0TXmpA@mail.gmail.com>
 <CAKprHVbrQg7sWXVDuD2SM7Zf8M3O1iuzVByhbLitDsvWYiw8HA@mail.gmail.com>
 <35F04D4C394874409D9BE4BF45AC5EA9010B286BF024@BANPMAILBOX01.citrite.net>
From: David Nalley <david@gnsa.us>
Date: Mon, 21 Jan 2013 14:38:04 -0500
Message-ID: 
 <CAKprHVbOzx22zuwDG9FK2F_NTAGkNgX6e-Lfzvr1yNgdnTJmKg@mail.gmail.com>
Subject: Re: FS for host updates notifications
To: cloudstack-dev@incubator.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: 
 ALoCoQl3xERGhSQjxxpukM4+w1/+iqfV65k3/Tck8tGBYY1NAZmyDkI0YrzUlTAECuY8a0Pk5Jg4
X-Virus-Checked: Checked by ClamAV on apache.org

On Tue, Jan 15, 2013 at 1:02 PM, Ram Ganesh <Ram.Ganesh@citrix.com> wrote:
>> -----Original Message-----
>> From: David Nalley [mailto:david@gnsa.us]
>> Sent: 08 January 2013 01:02
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Re: FS for host updates notifications
>>
>> On Mon, Jan 7, 2013 at 2:21 PM, Chip Childers
>> <chip.childers@sungard.com> wrote:
>> > Bumping this thread.
>> >
>> > In reviewing CLOUDSTACK-192, I don't believe that we have reached
>> > consensus on this feature being part of CloudStack.  Ram noted in the
>> > ticket that the conversation would be revived.  Do we want to do
>> that?
>> >
>> > If not, I'm going to close CLOUDSTACK-192 as not applicable, move the
>> > functional spec to the uncommitted design page, and note that it
>> > wasn't accepted for now.
>> >
>> > If it was, I believe that Citrix released this feature in
>> > CloudPlatform.  If that is the case, we will have to bring in the
>> code
>> > via the IP Clearance process.
>> >
>> > Does someone want to try to drive this to consensus?
>> >
>>
>>
>> As I understand it the proposed plan is to check a URL that the
>> project doesn't control, and based on the contents of that URL advise
>> users, regardless of version of CloudStack that they have deployed
>> that there is an update to to their hypervisor and the unwritten part
>> of this implies that the user should apply said update, and that we
>> essentially are condoning it, despite the fact that we have done no
>> testing. CloudStack is in a weird position in that it orchestrates
>> lots of moving pieces. Blindly encouraging folks to update scares the
>> sysadmin in me, yes we might avoid some problems, but if you look at
>> some of the things we might have 'encouraged' upgrades for across all
>> of the hypervisors, letting a third party tell us "it's ok" should
>> scare you as well.
>>
>> --David
>
> That is true David. This feature collates available patches for all the X=
en hosts managed by CloudStack from a central repository which is updated a=
s and when a patch is available for a version of XenServer and presents a n=
eat report of which patches are already applied on a given host and which a=
re not across various versions of a host. What it does not do is to "apply =
patches". That is left to tools that do a better job. Instead of sharing th=
e credentials of all his/her Xen hosts to an external monitoring system a C=
loud Admin can have CloudStack provide a single central interface to these =
external software like zabbix. This to me makes integration with third part=
y software like zabbix, zenoss much easier and meaningful. It is an operati=
onal nightmare for an Admin to key in credentials of all his/her hosts to b=
oth CloudStack and his external management systems. This feature can be sup=
ported across other elements managed by CloudStack as long as those element=
s provide a standard protocol to share the patch details. Also please note =
scalability is not a concern here as we are not looking at providing real t=
ime updates.
>


So the premise is that applying updates is good. (otherwise, we
wouldn't care to know that updates are available) And generally that
is a true statement. However, it is not always true, and as proposed
we have no way. of distinguishing between the two.

If the proposal was that there would be some page of XML under the
project's control, and was version specific, and had an explicit
obligation of QAing updates against each specific version before
listing an available update and we had eventual commitment to do this
against all supported platforms, I could see this being awesome. But
that's a far cry from where the proposal seems to stand today, which
is something that scares me.

Imaging someone installing 4.1.0 today, and performing no further ACS
updates. Are we sure that 3 years down the road every hotfix/patch
that is available won't break something? I am not, and not personally
willing to cede that to a third party.

--David